1. Field of the Invention
This invention relates to application password protection, and more particularly to a method of generating a plurality of passwords from a single strong password or passphrase that is not stored.
2. Background Information
Many of todays software applications require users to enter a password. These applications may reside on a personal computer and/or a server that may be connected to a personal computer via a network. If a user uses a plurality of software applications that require the use of a password to gain entry, the user must either memorize many passwords, have these many passwords stored, or write them down. The passwords may be stored on the personal computer and/or the server where the software application resides. Some of these stored passwords may not be encrypted. Many users use the same or similar passwords, or a set of passwords to ease the memory requirement. A problem with this scheme is that not all software applications use cryptographic means of protecting the passphrase, or secret that is entered by the user. Thus, the users passwords may be compromised.
Also, a compromise of a password (also known as a passphrase) to one application may allow all other applications that use the same password to be compromised. Further, the password is sometimes used in software applications, such as wrapping a cryptographic key, in which the user can be attacked with a brute force password search. For example, an adversary that obtains a wrapped cryptographic key can test if the correct password is found. Thus, if the password size is not too large, the adversary can search over all of the password space until the correct password is found. To protect against this theft, a large or complex password is necessary. The problem with having large complex passwords is that a user must now remember a plurality of long or complex passwords.